Re: tcp blackhole and ident
From: Matthew Seaman (m.seaman_at_infracaninophile.co.uk)
Date: 01/31/04
Date: Sat, 31 Jan 2004 13:39:24 +0000 To: "J.D. Bronson" <jbronson@lonebandit.com>
On Sat, Jan 31, 2004 at 07:32:36AM -0600, J.D. Bronson wrote:
> I have a question. I set up the following in sysctl.conf:
>
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
>
> ..Well this works, but now I have a new issue.
> I run sendmail and as such, need to allow TCP 113 into this machine
> and yet get CONNECTION REFUSED. - I don't want to run IDENT, but
> need to still get the CONNECTION REFUSED...
Run ipfw(8) or a similar firewall and set up a rule that sends an ICMP
reject whenever it detects an incoming connection on port 113 as part
of your firewall configuration. E.g. something like:

    01600 reset tcp from any to me dst-port 113 setup
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
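
Added example, not part of the original message: a Python check, run from another host, that port 113 is refused while some other closed port stays silent under the blackhole settings quoted above. The target address and the second port number are assumptions supplied on the command line.

```python
import socket
import sys

IDENT_PORT = 113  # auth/ident, the port discussed in the thread


def probe(host, port, timeout=3.0):
    """Classify how `host` answers a TCP connection attempt to `port`.

    'open'     - handshake completed, something is listening
    'refused'  - connection refused (what the reset rule should give on 113)
    'filtered' - no answer before the timeout (blackholed closed port)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error: %s" % exc
    finally:
        s.close()


def audit(ident_state, other_state):
    """Compare probe results with the setup the thread is aiming for."""
    findings = []
    if ident_state != "refused":
        findings.append("port 113 is %s, expected refused; "
                        "remote MTAs may stall on ident lookups" % ident_state)
    if other_state != "filtered":
        findings.append("closed port is %s, expected filtered; "
                        "net.inet.tcp.blackhole may not be active" % other_state)
    return findings


if __name__ == "__main__":
    # Usage: script.py <host> <closed-port>; both values are yours to supply.
    host, closed_port = sys.argv[1], int(sys.argv[2])
    problems = audit(probe(host, IDENT_PORT), probe(host, closed_port))
    for line in problems:
        print("WARN:", line)
    sys.exit(1 if problems else 0)
```

Pick a second port that has no listener and no firewall rule of its own, otherwise the "filtered" expectation does not apply to it.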